1. Field of the Invention
This invention relates generally to the accessing of multiple profiles over a network and, more specifically, to authenticating the accessing of multiple profiles from only a single remote device and the communication of those profiles stored on a web server.
2. Description of the Related Art
The following descriptions and examples are given as background only.
Computers having relatively large storage capacity are oftentimes referred to as servers. In a modern communication environment, most servers store website information as well as information pertinent to a user. Those servers are oftentimes referred to as web servers. Web servers not only store web information accessible to a user, but also store information confidential to that user. Such confidential information can include, for example, a profile of that user. For example, with online banking services, the profile might include information about various financial accounts, as well as access to and manipulation of those accounts.
Because of the confidential nature of certain profiles, it is critical that security of those accounts be maintained. Identity theft and man-in-the-middle attacks have become common-place whenever a web server is accessible over a public communication network, including wireless networks. A popular form of such wired or wireless public communication networks is the Internet or Web.
A typical mechanism used to access a profile is for a user to provide their username and password. The username and password is entered into the device that is remote from yet connected to the web server via the Internet. Unfortunately, this type of authentication cannot sufficiently protect the profile information and is somewhat burdensome each time a user wishes to access their profile. Phishing and man-in-the-middle attacks, as well as keystroke logging, are problematic—especially if the remote device is readily accessible to a malicious user.
Certainly the most accessible type of remote device is a mobile device, e.g., personal digital assistants, smartphones, and other types of client devices which can be readily moved, yet can access the Internet. Like any client device, a remote device or mobile device, can easily download application programs. For example, devices can shop an application store over the Internet and thereafter download the desired application program, which then will reside as an icon on the graphical user interface of the device. The application program consists of code that can execute on an execution unit, CPU or processor, hereinafter referred to as “an execution unit.” By executing the code, certain pieces of software, such as a software token, can be stored. If desired, the software token can be encrypted by executing software within the application program. The use of encrypted tokens and the generation of personal identification numbers aids in the authentication of the remote device and ensuring the user's confidential profile is protected against unauthorized access.